9-Year PHI Breach Reported by Dominion National

Virginia-based Dominion National, which is an insurance company, health plan manager, and administrator of dental and vision benefits, learned that a data breach affected the personal information of individuals connected to the services it provides. The perpetrators of this data breach first hacked the servers of Dominion National in 2010.

After receiving the incident notification, Dominion National initiated an internal investigation and verified that its systems was indeed breached.

A leading cybersecurity agency performed an extensive forensic analysis and review of affected files and confirmed the potential exposure of sensitive information of current and previous members of Dominion National and Avalon Vision plans.

The investigation results revealed that there was likely compromise of the information of people linked with the institutions the company administers with respect to dental and vision benefits, healthcare providers and plan producers. On August 25, 2010, hackers first acquired unauthorized access to the systems of Dominion National. That happened nine years back prior to the finalization of the investigation. It is unclear now when Dominion National first learned about the breach.

The cyberattack investigation ended on April 24, 2019. Dominion National mailed notification letters to all persons affected by the breach and offered them a two-year membership to credit monitoring and identity theft protection services. All servers of Dominion National are secured and enhanced with tracking and notification software application.

The compromised information of affected persons may be different from one another. The exposed information may have included names, addresses, email addresses, dates of birth, member ID numbers, subscriber numbers, group numbers, taxpayer ID numbers, Social Security numbers, bank account and routing numbers.

The breach summary is not yet posted on the HHS’ Office for Civil Rights breach portal. There’s likewise no report made with regards to the number of individuals affected by the incident.